Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."
No CVSS v3.1
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact High
Availability Impact None
User Interaction None
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
AV:N/AC:L/Au:N/C:N/I:P/A:N
Vendors | Products |
---|---|
Microsoft |
|
Configuration 1 [-]
|
Configuration 2 [-]
AND |
|
Configuration 3 [-]
AND |
|
Configuration 4 [-]
AND |
|
Configuration 5 [-]
AND |
|
Configuration 6 [-]
AND |
|
Configuration 7 [-]
AND |
|
Configuration 8 [-]
AND |
|
Configuration 9 [-]
AND |
|
Configuration 10 [-]
AND |
|
Configuration 11 [-]
AND |
|
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/102380 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1040152 | Third Party Advisory VDB Entry |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microsoft
Published: 2018-01-09T00:00:00
Updated: 2018-03-27T17:57:01
Reserved: 2017-12-01T00:00:00
Link: CVE-2018-0786
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-01-10T01:29:00.320
Modified: 2021-08-12T17:19:05.447
Link: CVE-2018-0786
JSON object: View
Redhat Information
No data.
CWE